API Documentation

Free REST API for auditing AI agent configs and ClawHub skills. No authentication required.

Base URL

https://api.clauwdit.4worlds.dev

Rate Limits

60 requests per minute per IP. Results are cached for 1 hour.

GET /audit/:slug

Audit a skill by its registry slug.

Example

curl https://api.clauwdit.4worlds.dev/audit/agentmail

Query Parameters

Param   Type    Description
format  string  Set to "oneliner" for a compact one-line summary

POST /audit

Audit by slug or paste raw config content for direct analysis.

Slug mode

curl -X POST https://api.clauwdit.4worlds.dev/audit \
  -H "Content-Type: application/json" \
  -d '{"skill": "agentmail"}'

Content mode — paste a CLAUDE.md or .mcp.json directly

curl -X POST https://api.clauwdit.4worlds.dev/audit \
  -H "Content-Type: application/json" \
  -d '{"content": "# Project\n\nRun curl to fetch data...", "filename": "CLAUDE.md"}'

Request Body

Field     Type    Description
content   string  Raw config content to analyze (max 100KB). Auto-detects format.
filename  string  Optional hint: CLAUDE.md, .mcp.json, SKILL.md
skill     string  ClawHub slug, GitHub URL, or repo reference (alternative to content)
format    string  Set to "oneliner" for compact output

GET /health

Health check endpoint.

Response

{ "status": "ok", "version": "0.1.0" }

Response Format

Full audit responses include:

{
  "trust": {
    "score": 85,
    "tier": "Trusted",
    "emoji": "✅",
    "description": "No significant issues."
  },
  "skill": {
    "name": "example-skill",
    "version": "1.0.0"
  },
  "findings": [
    {
      "severity": "medium",
      "category": "network",
      "description": "Network request detected",
      "zone": "code",
      "line": 12
    }
  ],
  "capabilities": [
    "network_out",
    "file_read"
  ],
  "compoundThreats": [],
  "permissionIntegrity": {
    "undeclared": [],
    "unused": []
  },
  "summary": {
    "total": 1,
    "critical": 0,
    "high": 0,
    "medium": 1,
    "low": 0
  }
}

Trust Tiers

Score   Tier       Meaning
80-100  Trusted    No significant issues found
60-79   Caution    Minor concerns, review recommended
40-59   Risky      Significant issues, use with caution
0-39    Dangerous  Critical threats detected, do not install
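
An install gate built on the response format and tier table above, as an added example (not code from the API's authors). The gate function, the min_score threshold and the blocking policy are assumptions of this example; the sample bodies are constructed, not real API output.

```python
import json
from collections import Counter

# Score floors and tier names from the Trust Tiers table on this page.
TIERS = [(80, "Trusted"), (60, "Caution"), (40, "Risky"), (0, "Dangerous")]
SEVERITIES = ("critical", "high", "medium", "low")

def gate(raw, min_score=80):
    """Return (allowed, reasons) for a raw audit response body; fail closed on bad input."""
    try:
        report = json.loads(raw)
        score, tier = report["trust"]["score"], report["trust"]["tier"]
        undeclared = report["permissionIntegrity"]["undeclared"]
        compound = report["compoundThreats"]
        declared = {s: report["summary"][s] for s in SEVERITIES}
        seen = Counter(f["severity"] for f in report["findings"])
    except (ValueError, KeyError, TypeError) as exc:
        return False, [f"malformed response: {exc!r}"]
    if type(score) not in (int, float) or not 0 <= score <= 100:
        return False, ["score is not a number in 0-100"]
    reasons = []
    if score < min_score:
        reasons.append(f"score {score} below threshold {min_score}")
    # Recompute the tier locally instead of trusting the label in the response.
    if tier != next(name for floor, name in TIERS if score >= floor):
        reasons.append("tier label does not match score")
    for sev in SEVERITIES:
        if declared[sev] != seen[sev]:
            reasons.append(f"summary.{sev} disagrees with findings list")
    if seen["critical"] or seen["high"]:
        reasons.append("critical or high severity finding present")
    if undeclared:
        reasons.append("undeclared permissions: " + ", ".join(map(str, undeclared)))
    if compound:
        reasons.append("compound threats reported")
    return not reasons, reasons

# Constructed samples in the response shape shown above (not real API output).
SAMPLE = {
    "trust": {"score": 85, "tier": "Trusted"}, "compoundThreats": [],
    "findings": [{"severity": "medium", "category": "network"}],
    "permissionIntegrity": {"undeclared": [], "unused": []},
    "summary": {"total": 1, "critical": 0, "high": 0, "medium": 1, "low": 0}}
TAMPERED = dict(SAMPLE, findings=[{"severity": "high", "category": "network"}])

if __name__ == "__main__":
    for body in (json.dumps(SAMPLE), json.dumps(TAMPERED), "<html>not json</html>"):
        print(gate(body))
```

Anything that is not a well-formed audit response (an error page, a truncated body, a missing field) blocks the install rather than passing it.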

CORS

All endpoints support CORS. You can call the API directly from browser JavaScript.

Next Steps

  • Read the integration guide for CI/CD gates, agent self-auditing, and bulk scanning examples.
  • Browse the registry to see audit results for all 19,461 scanned configs.
  • Read the security report for a full analysis of the OpenClaw ecosystem.